MobileIron Core v9.x MDM Security Technical Implementation Guide


Overview

Date: 2019-05-06
Finding Count (14): CAT I (High): 1, CAT II (Med): 10, CAT III (Low): 3

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-94559 High Only authorized versions of the MobileIron Core 9.x server must be used.
V-70529 Medium The MobileIron Core MDM server must be configured to enable an audit record for the following auditable events: any event selected in the ST under FAU_ALT_EXT.2.1.
V-70517 Medium All MobileIron Core MDM server cryptography supporting DoD functionality must be configured to use FIPS 140-2 validated encryption modules.
V-70535 Medium The MobileIron Core MDM server platform must be protected by a DoD-approved firewall.
V-70523 Medium The MobileIron Core MDM server must be configured to block mobile devices that do not have required OS type and version.
V-70519 Medium The MobileIron Core MDM server must be configured to leverage the MDM Platform user accounts and groups for MDM Server user identification and authentication.
V-70531 Medium The MobileIron Core MDM server must be configured with the Administrator roles: a. MD user. b. Server primary administrator. c. Security configuration administrator. d. Device user group administrator. e. Auditor.
V-70533 Medium The MobileIron Core MDM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
V-70525 Medium The MobileIron Core MDM server must be configured to record within each audit record required information: a. date and time of the event; b. type of event; c. mobile device identity; and d. [no other audit relevant information].
V-70537 Medium The firewall protecting the MobileIron Core MDM server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support MDM server and platform functions.
V-70539 Medium The MobileIron Core MDM server appliance must be configured to terminate the network connection associated with a communications session at the end of any transaction with an MDM agent or other server or after 10 minutes of inactivity.
V-70521 Low Before establishing a user session, the MobileIron Core MDM server must be configured to display an administrator-specified advisory notice and consent warning message regarding use of the MDM server.
V-70527 Low The MobileIron Core MDM server must be configured to block mobile devices that do not have required applications installed.
V-70541 Low The MobileIron Core MDM agent must be configured for the periodicity of reachability events for six hours or less.